Topic: Arbitrary code execution in Red/Blue using the "8F" item (Read 209981 times)

realsamusaran

  • GCLF Member
  • Gender: Female
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #360 on: April 29, 2016, 05:27:14 am »
Has anyone thought about making a comprehensive list of codes in a single post? My memory is not great and I've got a bit of a learning disability so I'm having trouble doing this on my own without writing down specific instructions others already made. It's a bit time-consuming to comb through 25 pages too.

Maybe a separate list for each one, like a ws m list and an 8F list, etc.

I might as well ask if anyone wants to be generous, has anyone made codes for changing Trainer ID numbers or names? Both for the player character and for Pokémon. I want to change my ID number to 01996 in the English Pokémon Yellow with ws m, for when I transfer my Pokémon to Gen 7 from the virtual console.

Changing an owned Pokémon's catch rate would also be useful, if they give Gen 1 Pokémon held items based on that like they did in Gen 2. And being able to overwrite moves 2-4 without going into battle to swap with move 1 would be a time-saver. And I might want to change my Trainer's name too possibly, to RED or Red.

If anyone can help it would be very much appreciated, though only if you have the time and want to do it.

Krys3000

  • The frenchie
  • Distinguished Member
  • Gender: Male
  • Head admin of the PRAMA Initiative
    • PRAMA Initiative - Main french pokemon glitch website
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #361 on: April 29, 2016, 10:19:24 am »
If you want to change something in your game, just use the general single-address change code. You don't need to remember anything since you have all the addresses you need in either the RAM Map or the Disassembly.

If you don't get how to use this, ask for details  ;)
« Last Edit: April 29, 2016, 10:20:07 am by Krys3000 »

Skeef

  • GCLF Member
  • Eek!
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #362 on: April 29, 2016, 01:00:52 pm »
Or use these instead.

Change id nr to 01996 on yellow (2 codes):
wsm
Any
X Accuracy   x89
Carbos      x211
Max Revive   x204
TM01      x(any)
-
wsm
Any
X Accuracy   x88
Carbos      x211
Max Revive   x07
TM01      x(any)

Note: Remember this does not change the ID of any pokémon already owned.
---

Changing moves of the first pokémon in party on yellow:
wsm
Any
X Accuracy x 117/116/115 (move 4, 3 and 2 respectively)
Carbos x 209
Max Revive x Index nr of wanted move
TM01 x(any)

Note: The pokémon may need to have a move in the respective slot before it can be overwritten.
---

Change trainer name to the first pokémon's nickname on yellow:
wsm
Any
TM50      x180
TM10      x64
TM34      x87
TM09      x46
Carbos      x52
X Accuracy   x34
Full Heal   x201

Note1: Change the nickname of pokémon 1 to RED (or red) and press 8F exactly 4 times (or length of the pokémon's nickname +1).
Note2: This is TheZZAZZGlitch's code from red adapted for yellow. Credit to him.

I didn't do a code to change catch rate cuz I don't know if it's a good idea to change that and send them to another generation. Also, if you need the codes for red/blue: for the ID nr and changing move 2, 3, 4, all you need to do is +1 to X Accuracy. The code for changing the player's name in red/blue is in the first post.

I tested all these codes on yellow. (on a real cartridge too!) My name on yellow is now RED <-- :P

realsamusaran

  • GCLF Member
  • Gender: Female
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #363 on: April 30, 2016, 08:02:36 am »
@Skeef: thanks a bunch! As far as catch rate goes I was only planning on changing them for Pokémon evolutions who aren't legitimately available to be caught, such as Alakazam or Gengar, since a legal Gengar would have the catch rate of Haunter or Gastly because catch rate stays the same after evolving a Pokémon you own.

I was also considering changing catch rates for Pokémon whose values changed from Red/Blue to Yellow, such as Kadabra or Dragonair. The starter Pikachu also has a unique catch rate when you receive it that no other Pikachu has, even when forcing an encounter with a wild one in Yellow. I messed up my PC box data somehow and lost my starter Pikachu actually...

@Krys3000: I looked at those and I'm having trouble understanding them right now but I'll try figuring something out on my own and when I've got something I'll come here to ask if I've got it right (I don't wanna mess up my save trying it out on my own).

Skeef

  • GCLF Member
  • Eek!
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #364 on: April 30, 2016, 08:46:15 am »
Hmm, as far as messing up save data goes... If you are playing virtual console, wouldn't backing up your SD card also back up the pokémon save?

ISSOtm

  • The French Lord of Laziness (and a huge The Legend Of Zelda fan)
  • Wiki Contributor
  • Gender: Male
  • Pewter City (B)rocks !
    • My Little Website
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #365 on: May 05, 2016, 05:18:43 am »
Of course, you can still rely on Old Man/GC RAM Manipulation to get a MissingNo., but it's true that having a setup with no version-exclusive or glitch Pokémon is an improvement.
Took me a while to figure this out, but oh well. Still worth posting, I guess.
Well, if your first Pokémon's Special Stat is in the following list, you can use Hitmonchan instead of Arbok.
That will make the game read the lower byte of the first Pokémon's Special Stat, and all of these were selected to be harmless, 1-byte instructions.
0, 3, 4, 5, 7, 10, 11, 12, 13, 15, 19, 20, 21, 23, 26, 27, 28, 29, 31, 39, 47, 56, 60, 61, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 118, 120, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195,
(Note: if the stat is higher than 255, subtract 256 and look up the value in this list.)

If the stat is in the list and is less than 256, then Hitmonlee will work too.

Under certain circumstances (depending on the Speed Stat, actually), Mr. Mime will also work, but it is more complicated.
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.

Proudly glitching Pokémon Red and Yellow on a Black & White GB, Pocket GB, GB Color, GBA SP and new 3DS.

My Twitter (beware, I'm French)
My YouTube (same warning)

Here is an online tool to build 8F setups : GBz80 to Items !

They see me layzin', they ha-tin'...
Heavy contributor of the global augmentation of entropy (my room's is too damn high !)

Shina69

  • GCLF Member
  • CHARIZRAD 'M ROXORX or is it.
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #366 on: May 13, 2016, 02:42:54 pm »
Hi, guys! Thanks for helping me on changing the moves on yellow a few months ago, really helped!

I was wondering if it's possible to get HM Fly before getting to Celadon City by arbitrary code execution on Pallet Town, since only a few glitch Pokémon level up learning Fly and that's probably not an option. After I receive the Pikachu, maybe he could get it? I saw this video of a guy saving at 0:00 and instantly spawn at the end, maybe I could spawn near the HM Fly little house, although I probably wouldn't be able to leave from there that easily. Although if I was able to walk through walls, it would be easy. But then, how to disable it? I read about the youngster method but my lvl 100 Nidoking doesn't really apply, that 4th move PP is difficult to get.

Thanks for the attention, guys! Maybe there's already a way to do it and I don't know.
« Last Edit: May 13, 2016, 03:19:36 pm by Shina69 »

Torchickens

  • Administrator
  • Gender: Female
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #367 on: May 13, 2016, 03:31:52 pm »
> Hi, guys! Thanks for helping me on changing the moves on yellow a few months ago, really helped!
>
> I was wondering if it's possible to get HM Fly before getting to Celadon City by arbitrary code execution on Pallet Town, since only a few glitch Pokémon level up learning Fly and that's probably not an option. After I receive the Pikachu, maybe he could get it? I saw this video of a guy saving at 0:00 and instantly spawn at the end, maybe I could spawn near the HM Fly little house, although I probably wouldn't be able to leave from there that easily. Although if I was able to walk through walls, it would be easy. But then, how to disable it?
>
> Thanks for the attention, guys! Maybe there's already a way to do it and I don't know.

Yes. Getting to anywhere without arbitrary code execution and/or obtaining HM02 Fly can be done with the expanded items pack warping.

You can obtain the expanded items pack at the beginning of the game with the SRAM glitch after doing a swap such as Pokémon 1>Pokémon 10 if you have knowledge of the internal memory layout (which is the glitch you saw).

It may be possible to capture a Pokémon to obtain 49-51 total Pokémon instead of 255 (this happens because you normally capture a Golem (Red/Blue) or Magmar (Yellow) with the decimal index number of 49 or 51 respectively, due to the "wild appeared" glitch); from then on depositing them all is easy, unless for some reason the Pokémon you deposit or withdraw do not have terminated names (PRAMA encountered this on non-English versions, and in English Yellow a workaround might be to view a Pokémon with a specific move 4 such as Counter (like in the glitch "oobLG") but I don't know if this applies to every version). In Red and Blue, the Golem must be caught in a certain place to avoid a freeze. Diglett's Cave works; then you should open the menu to avoid a freeze if you exit by the stairs.

If you keep the expanded items pack, you can warp around as you please; although I'm afraid I don't know of a way how you could obtain items to keep in this way although it's likely very possible, because with the looping map trick (described below and on the first post) you may become trapped without a Pokémon to Teleport away.

If you've obtained an expanded items pack (such as the 255 items pack from dry underflow glitch); then you can warp to Celadon City by entering a Pokémon Center, swapping the Ultra Ball x0 at item 32 into Master Ball (left of the exit mat) or "!j" (Red/Blue) or "x" (Yellow) (right of the exit mat)  x(exit place ID) at item 36, and tossing how many you want. x0 actually represents x256. If you toss 250, then you can warp to Celadon City.

Regular Missingno. for obtaining a x255 stack (by obtaining x129 Potions, using two, capturing the Missingno. to obtain x255) can appear from doing the Trainer escape glitch/Mew glitch with Misty's Starmie (This will work in English Red/Blue but likely not French or Italian Red/Blue. Additionally in English Yellow (unsure about Spanish Yellow), if you have cleared your save file with Up+Select+B there is a way to encounter a "stable unstable Missingno." which is believed to never freeze the game).

Special Missingno. 182-184 are alternatives to regular Missingno. if your version's Missingno. freezes the game (and for people using the French and Italian versions of Red/Blue you could possibly use the Pokémon menu>Cooltrainer glitch described in the link above). They can be encountered by having Ditto transform into a Pokémon with one of those Special stats.

Alternatively, you can have a 1/8 chance of obtaining one from a double Trainer-Fly involving talking to the Cubone trade girl on Underground Path to encounter a level 80 Starmie first. This was first used in a Pokémon speedrunning route.

Video: https://www.youtube.com/watch?v=73fAlzIbi9k

TheZZAZZGlitch's looping map trick to obtain 8F or ws m allows you to bring up every item into the regular items to keep, except for possibly the non-functionable PP Up copy (32h) and TM55 (FFh, but you can keep the key item HM05 which works the same). You can dig up items of your choice and keep them if you bring them up with Select and then Teleport away.

Steps:

1) Walk to this place.

2) Swap an item with an ID of hex:33 or greater into the Nugget x1 found at item position 35, such as Poké Doll or X Special.
3) Keep walking right (to increase the item ID by 1 each step) or left (to decrease it by 1 each step) to change the item, until you find a HM02: Fly.
4) Press Select to bring it up to the top of the items pack and then Teleport away.

Hope that helps and let me know if you have any other questions!  :)
« Last Edit: May 13, 2016, 04:01:43 pm by Torchickens »
Hello. I actually identify as gender questioning, but nowadays feel more firmly that I identify as female. My sex is male but I like to express myself as female.  She/her pronouns, please.


Thank you Myri for my avatar! Thank you Aeriixion for the cute sprite above! :) Roelof also made different variations of the sprite (which I animated).

Contact:

Email Youtube Twitter
Skype: Torchickens
Bulbapedia Starfy Wiki

Beyond all philosophies are the things that go best for you; what makes you feel content. It's important to always follow your heart, so unless you feel perfectly happy about it don't just follow something because it is popular, fits a style or is conventional. Sometimes you may reach a point you're not sure who you are, but as things settle I'm convinced things do work out in time.

Shina69

  • GCLF Member
  • CHARIZRAD 'M ROXORX or is it.
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #368 on: May 14, 2016, 04:55:55 pm »
Thanks a lot for the wise and meticulous explanation, Torchickens!
Sure it's a wonder the possibilities that Item Underflow brings as well as glitch items, I followed all the steps on SRAM glitch topic and it's an all new world. But, recently, I got more interested in these new recent challenges like the no save corruption speedruns and others that avoid the usage of expanded items pack. I looked through the forum archives and also found players trying to beat the game without battling Team Rocket members and that made me wonder: is it actually possible to complete Pokémon Yellow on such conditions plus without time cable exploits of any kind? I followed their topic (http://forums.glitchcity.info/index.php/topic,7448.0.html), but answers stopped a few months ago :(
« Last Edit: May 14, 2016, 05:38:28 pm by Shina69 »

hashtag

  • GCLF Member
  • Gender: Male
  • ok
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #369 on: May 19, 2016, 05:05:24 pm »
Hey, first post!
Using the Wack0's simple Gameshark script to do a couple things, and I'm curious as to what you are supposed to do when the code requires you to enter a 00.

For example I have a code that modifies the typing of the current box slot one pokemon. It should look like this:

any item
8f
Lemonade * number corresponding to type
X-accuracy * 155 for primary type and 156 for secondary type
Carbos * 218
Pokeball * 119
Fresh Water * 201

This code works perfectly, and I have used it to replace Aerodactyl's flying typing with ghost as a proof of concept. The only problem is that when I want to make something a normal type I would have to have 0 lemonades because 00 is the hex that corresponds with normal. I have tried it just without any lemonades and it freezes the game, as expected. Is it possible to make the game read as having 0 lemonades by somehow rolling it over to 256, or anything like that? Thanks!

Flandre Scarlet

  • Mistress of Scarlet Devil Mansion
  • GCLF Member
  • Role playing as my favorite character is fun
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #370 on: May 19, 2016, 05:36:01 pm »
First this code was sort of already made but that's not a big deal since you are new here. To get 0 Lemonades try using this 8F code by lowena

8F
Item you want X2 to get 0 or 1 to get 255
Burn Heal X43
Ice Heal X53
Revive X201
I am a fan of Pokemon, Glitches, Touhou, Yugioh, Smash, Mario, Sonic, Kirby, (2D) Metroid, and MORE!
 
8F is god it can create Pokemon from nothing, 8F is god it can change items into other items, 8F is god it can make infinite items out of 1, 8F is god it can end any battle, 8F is god it can change the world around us, 8F is god it can create music and new games, 8F is god. - Flandre Scarlet 2/23/2016

hashtag

  • GCLF Member
  • Gender: Male
  • ok
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #371 on: May 19, 2016, 05:41:10 pm »
oh sweet thanks!

Wack0

  • Coder, reverser, beta collector [BetaArchive staff]
  • Staff
  • Gender: Male
  • cBRH - Doing nothing since 2k7
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #372 on: May 19, 2016, 05:42:53 pm »
> First this code was sort of already made but that's not a big deal since you are new here. To get 0 Lemonades try using this 8F code by lowena
>
> 8F
> Item you want X2 to get 0 or 1 to get 255
> Burn Heal X43
> Ice Heal X53
> Revive X201

Alternatively have lemonade x1 followed by Soda Pop x4.

this is:

Code:
ld a,01
dec a
inc b
C H E C K E D . B U I L D S . A R E . A W E S O M E N E S S

BetaArchive | SoftHistory Forums | irc.rol.im #galaxy,#softhistory

Also known as The Distractor.

Shane, please stop telling children that there's a Mew outside under the delivery trucks. - Management

Pokémon: arbitrary code execution 1996-2016

camper

  • aka GlitcherRed, azum4roll
  • Member+
  • Gender: Male
  • 975642dx║'r DExsfoF▓1 error.
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #373 on: May 20, 2016, 12:26:41 pm »
You can also get a x0 stack by tossing a whole stack above a x255 stack (which becomes a copy of the x255 stack), tossing 254 of the copy, and swapping the resulting x1 stack with the x255 stack. As a side effect, your item counter will decrease by 2 so you'll lose the stack you tossed and the last stack in your bag.
Youtube
 

Guess where this is?

Torchickens

  • Administrator
  • Gender: Female
Re: Arbitrary code execution in Red/Blue using the "8F" item
« Reply #374 on: June 10, 2016, 04:31:37 pm »
> Thanks a lot for the wise and meticulous explanation, Torchickens!
> Sure it's a wonder the possibilities that Item Underflow brings as well as glitch items, I followed all the steps on SRAM glitch topic and it's an all new world. But, recently, I got more interested in these new recent challenges like the no save corruption speedruns and others that avoid the usage of expanded items pack. I looked through the forum archives and also found players trying to beat the game without battling Team Rocket members and that made me wonder: is it actually possible to complete Pokémon Yellow on such conditions plus without time cable exploits of any kind? I followed their topic (http://forums.glitchcity.info/index.php/topic,7448.0.html), but answers stopped a few months ago :(

You're welcome! I don't know the answer to that I'm afraid. Though it's possible to avoid at least some of the Rockets, including:

1) Regular Mt. Moon Rockets (you don't need to fight them).
2) Jessie & James on Mt. Moon (but note in Paco81's video he escapes from a long-range Rocket in Mt. Moon using an Escape Rope).
3) Rocket HQ rockets: Poké Doll Pokémon Tower skip.
4) Silph Co. Rockets: Removing the gym NPC with the Trainer escape glitch(??)

If there is a way to obtain a "Rival's effect"/"Jack effect" (walk through walls item) early such as "o" (hex:94) before Nugget Bridge, that could possibly be used to bypass the Nugget Rocket and the Rocket blocking the Dig TM NPC's house. It could also be used to bypass the Rocket blocking Fuchsia City's gym (though you might need to Teleport or Dig away after), also eliminating the need to battle Pokémon Tower's Jessie & James.



If you want to use 8F or ws m for many tasks, it's worth it to turn it into an in-built GameShark so you can use it without re-obtaining items for different uses (in the case you tossed a quantity but need a higher quantity than what you have left to do something else).

This long code will load the quantity of Lemonade into the address represented by the quantity of Carbos (address first byte) and X Accuracy (address second byte) and reset the quantities back to 0 (actually 256 and tossable to obtain any quantity), so you can truly write whatever you want in RAM, WRAM as many times as you like without having to obtain items again if a quantity is too low.

You can get all of the items below with the Celadon looping map trick.

Code:
3E xx 26 yy 2E zz 04 77 26 D3 3E 00 2E 23 04 22 23 22 23 22 C9
Lemonade x(xx)
Carbos x(yy)
X Accuracy x(zz)
Poké Ball x119
Carbos x211
Lemonade x0
X Accuracy x35 (x34 in Yellow)
Poké Ball x34
HP Up x34
HP Up x34
TM01 x0

ld a, 00 - a (value)=xx
ld h, 00 - h (address byte 1)=yy
ld l, 00 - l (address byte 2)=zz
inc b - useless code
ld (hl),a - load a into the address (e.g. D059)
ld h, D3 - we load the address byte 1 as D3 (item quantities are in the D3XX region)
ld a, 00 - we load 'a' as 0 (quantity of 0)
ld l,  23 - l=23, now our address is D323 (item 3 quantity)
inc b - useless code
ld (hli),a - means we put 'a' in D323, and then increase the hl value to D324
inc hl -  hl value=D325
ld (hli),a - means we will load a (0) into D325 (item 4 quantity), and increase hl to D326
inc hl - hl value =D327
ld (hli),a - means we put 'a' in D327 (item 5 quantity)
« Last Edit: June 10, 2016, 04:40:50 pm by Torchickens »
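The item-list-to-machine-code mapping used in the post above (and in the earlier "Lemonade x1 followed by Soda Pop x4" reply), as an added example that is not code from the thread or from the GBz80 to Items tool: it turns an item list into the bytes the CPU executes and steps through them on a small register model. The item IDs are the ones implied by the byte string and mnemonics quoted in the thread; the value 01 is a constructed sample, and only the opcodes those two posts use are modelled.

```python
# Added example, not code from the thread. Item IDs below are the ones implied
# by the byte string and mnemonics the posts quote (e.g. 3E = Lemonade).
ITEM_IDS = {"Poké Ball": 0x04, "HP Up": 0x23, "Carbos": 0x26,
            "X Accuracy": 0x2E, "Soda Pop": 0x3D, "Lemonade": 0x3E,
            "TM01": 0xC9}
LOAD_IMM = {0x3E: "a", 0x26: "h", 0x2E: "l"}   # ld r,n opcodes (2 bytes each)

def items_to_bytes(items):
    """A bag slot is stored as two bytes: item ID, then quantity."""
    out = bytearray()
    for name, qty in items:
        out += bytes([ITEM_IDS[name], qty & 0xFF])
    return bytes(out)

def run(code):
    """Step through the few GBZ80 opcodes these setups use.

    Returns (listing, writes): the mnemonics executed and a dict mapping
    each address written to the byte stored there.
    """
    reg = {"a": 0, "b": 0, "h": 0, "l": 0}
    listing, writes, pc = [], {}, 0
    while pc < len(code):
        op = code[pc]
        pc += 1
        hl = (reg["h"] << 8) | reg["l"]
        if op in LOAD_IMM:
            r = LOAD_IMM[op]
            reg[r] = code[pc]
            pc += 1
            listing.append(f"ld {r},{reg[r]:02X}")
        elif op == 0x04:
            reg["b"] = (reg["b"] + 1) & 0xFF
            listing.append("inc b")
        elif op == 0x3D:
            reg["a"] = (reg["a"] - 1) & 0xFF
            listing.append("dec a")
        elif op in (0x77, 0x22):               # store a at (hl); 22 also bumps hl
            writes[hl] = reg["a"]
            listing.append("ld (hl),a" if op == 0x77 else "ld (hli),a")
        elif op == 0x23:
            listing.append("inc hl")
        elif op == 0xC9:
            listing.append("ret")
            break
        else:
            raise ValueError(f"opcode {op:02X} is not modelled here")
        if op in (0x22, 0x23):                 # both advance hl by one
            hl = (hl + 1) & 0xFFFF
            reg["h"], reg["l"] = hl >> 8, hl & 0xFF
    return listing, writes

# Red/Blue item list from the post, with constructed sample values filled in:
# write 01 (xx) to D059 (yy=D0, zz=59; D059 is the post's own example address).
WRITE_SETUP = [("Lemonade", 0x01), ("Carbos", 0xD0), ("X Accuracy", 0x59),
               ("Poké Ball", 119), ("Carbos", 211), ("Lemonade", 0),
               ("X Accuracy", 35), ("Poké Ball", 34), ("HP Up", 34),
               ("HP Up", 34), ("TM01", 0)]
# The two-item way of getting a = 0 from the earlier reply.
ZERO_SETUP = [("Lemonade", 1), ("Soda Pop", 4)]

if __name__ == "__main__":
    for setup in (WRITE_SETUP, ZERO_SETUP):
        code = items_to_bytes(setup)
        listing, writes = run(code)
        print(code.hex(" ").upper())
        print("  " + "; ".join(listing))
        print("  writes:", {f"{k:04X}": f"{v:02X}" for k, v in writes.items()})
```

The trailing 00 in the first byte string is TM01's quantity, which sits after `ret` and is never executed.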